# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is auto generated by the elixir code generator program.
# Do not edit this file manually.

defmodule GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do
  @moduledoc """
  Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

  ## Attributes

  *   `attestationSource` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AttestationSource.t`, *default:* `nil`) - Specifies where to fetch the provenances attestations generated by the builder (group).
  *   `configBasedBuildRequired` (*type:* `boolean()`, *default:* `nil`) - If true, require the image to be built from a top-level configuration. `trusted_source_repo_patterns` specifies the repositories containing this configuration.
  *   `customConstraints` (*type:* `String.t`, *default:* `nil`) - Optional. A CEL expression for specifying custom constraints on the provenance payload. This can be used when users want to specify expectations on provenance fields that are not covered by the general check. For example, users can use this field to require that certain parameters should never be used during the build process.
  *   `trustedBuilder` (*type:* `String.t`, *default:* `nil`) - Each verification rule is used for evaluation against provenances generated by a specific builder (group). For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group).
  *   `trustedSourceRepoPatterns` (*type:* `list(String.t)`, *default:* `nil`) - List of trusted source code repository URL patterns. These patterns match the full repository URL without its scheme (e.g. `https://`). The patterns must not include schemes. For example, the pattern `source.cloud.google.com/my-project/my-repo-name` matches the following URLs: - `source.cloud.google.com/my-project/my-repo-name` - `git+ssh://source.cloud.google.com/my-project/my-repo-name` - `https://source.cloud.google.com/my-project/my-repo-name` A pattern matches a URL either exactly or with `*` wildcards. `*` can be used in only two ways: 1. trailing `*` after hosturi/ to match varying endings; 2. trailing `**` after hosturi/ to match `/` as well. `*` and `**` can only be used as wildcards and can only occur at the end of the pattern after a `/`. (So it's not possible to match a URL that contains literal `*`.) For example: - `github.com/my-project/my-repo` is valid to match a single repo - `github.com/my-project/*` will match all direct repos in `my-project` - `github.com/**` matches all repos in GitHub
  """

  use GoogleApi.Gax.ModelBase

  @type t :: %__MODULE__{
          :attestationSource =>
            GoogleApi.BinaryAuthorization.V1.Model.AttestationSource.t() | nil,
          :configBasedBuildRequired => boolean() | nil,
          :customConstraints => String.t() | nil,
          :trustedBuilder => String.t() | nil,
          :trustedSourceRepoPatterns => list(String.t()) | nil
        }

  field(:attestationSource, as: GoogleApi.BinaryAuthorization.V1.Model.AttestationSource)
  field(:configBasedBuildRequired)
  field(:customConstraints)
  field(:trustedBuilder)
  field(:trustedSourceRepoPatterns, type: :list)
end

defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do
  def decode(value, options) do
    GoogleApi.BinaryAuthorization.V1.Model.VerificationRule.decode(value, options)
  end
end

defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do
  def encode(value, options) do
    GoogleApi.Gax.ModelBase.encode(value, options)
  end
end
